NDTV News

NDTV.com provides latest news from India and the world. Get today’s news headlines from Business, Technology, Bollywood, Cricket, videos, photos, live news coverage and exclusive breaking news from India.

https://www.ndtv.com/

Hackers Targeting Indian, Afghan Government, Military Officials: Report.

Pak Hackers Targeting Indian, Afghan Government, Military Officials: Report

The cyber espionage campaign was observed by Malwarebytes (Representational)

New Delhi:

Pakistani hackers are targeting the Indian and Afghan governments, especially the military officials to steal sensitive Google, Twitter and Facebook credentials from its targets and stealthily obtain access to government officials, a report by thehackernews.com has revealed.

The portal said, "Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is so-called because of its attempts to mimic the infection chains associated with another group tracked as SideWinder and mislead attribution".

"The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," the report quoted Malwarebytes researcher Hossein Jazi as saying.

He added, "The embedded files are tailored to target government and military officials based in Afghanistan and India".

Thehackernews.com said in its report the revelation comes close on the heels of disclosures that Meta took steps to block malicious activities carried out by the group on its platform by using romantic lures to compromise individuals with ties to the Afghan government, military, and law enforcement in Kabul.

Some of the prominent attacks were waged against personnel associated with the Administration Office of the President (AOP) of Afghanistan as well as the Ministry of Foreign affairs, Ministry of Finance, and the National Procurement Authority, resulting in the theft of social media passwords and password-protected documents.

"SideCopy also broke into a shared computer in India and harvested credentials from government and education services", said the report.

In addition, the actor is said to have siphoned several Microsoft Office documents, including names, numbers, and email addresses of officials and databases containing information related to identity cards, diplomatic visas, and asset registrations from the Afghani government websites, all of which are expected to be used as future decoys or to fuel further attacks against the individuals themselves.

The cyber espionage campaign observed by Malwarebytes involves the target opening the lure document, leading to the execution of a loader that's used to drop a next-stage remote access trojan called ActionRAT, which is capable of uploading files, executing commands received from a server, and even download more payloads.

Also dropped by the loader is a new information stealer dubbed AuTo Stealer, which is programmed to collect Microsoft Office files, PDF documents, text files, database files, and images before exfiltrating the information to its server over HTTP or TCP.

"This is far from the first time SideCopy APT's tactics have come to light. In September 2020, cybersecurity firm Quick Heal revealed specifics about an espionage attack aimed at Indian defence units and armed forces personnel at least since 2019 with an aim to steal sensitive information", said thehackernews.com report.

Then earlier this July, Cisco Talos researchers exposed the hacking group's myriad infection chains delivering bespoke and commodity remote access trojans such as CetaRAT, Allakore, and njRAT in what they called an expansion of malware campaigns targeting entities in India.

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

Related news

Amid 5G Scare, US Travel Plans Stuck For Thousands

Travel plans for thousands of passengers, including those travelling to India, were disrupted after airlines cancelled or cut short the duration of many flights to and from the United States over...

NDTV News

'I'm done with Covid!': Journalist gets praise and backlash for late-night comments.

'I'm done with Covid!': Journalist gets praise and backlash for late-night comments.

Doctors Jonathan Reiner and Lucy McBride respond to comments made by journalist and author Bari Weiss claiming she is "done" with Covid-19 during an appearance on HBO's "Real Time with Bill Maher." #CNN #News

1 1

Boris Johnson hit by MORE rule-breaking allegations over 'lockdown birthday bash'.

Boris Johnson hit by MORE rule-breaking allegations over 'lockdown birthday bash'.

BORIS Johnson has tonight come under more pressure to resign as Prime Minister as fresh allegations are made that a rule-breaking 'lockdown birthday party' was held at Downing Street last year. The PM allegedly hosted guests at Number 10 to celebr...

1 32

Brian Kilmeade: This is 'panic time' for the White House.

Brian Kilmeade: This is 'panic time' for the White House.

'Outnumbered' panel reacts to a Fox News poll that found 60 percent of Americans would vote against Biden today. #FoxNews Subscribe to Fox News! Watch more Fox News Video: Watch Fox News Channel Live: FOX News Channel (FNC) is a 24-hour all-encomp...

LA schools mandating non-cloth masks

LA schools mandating non-cloth masks

As Los Angeles public schools mandate non-cloth masks, one county in Georgia will be making masks optional for students.

ABC News Prime: 1/24/2022

ABC News Prime: 1/24/2022

#ABCNews SUBSCRIBE to ABC NEWS: Watch More on LIKE ABC News on FACEBOOK FOLLOW ABC News on TWITTER: GOOD MORNING AMERICA'S HOMEPAGE:

Police lift SUV to rescue 70-year-old woman trapped underneath #Shorts.

Police lift SUV to rescue 70-year-old woman trapped underneath #Shorts.

#Shorts POLICE officers lift an SUV with their bare hands to free a 70-year-old woman who was trapped underneath the vehicle on January 19. Officers from the New Castle County Police lifted the vehicle after discovering the woman with her left arm...